I have an adept stalker/hacker chasing after me who's been monitoring my gchats and internet activity for whatever reason. I would guess he has some extremely hidden spyware or hijacked the browser in a way that isn't being picked up by ZoneAlarm or Norton, as the router attacks only happened AFTER I started googling insecure network ports on my router (I'll reformat, I guess?)

From what I've been reading all he needed to get in was the router's ethernet MAC address and some administrator password that's supposedly available online. Is this correct?

Also, my router is a Westell 9100 BHR ultra series, not Actiontec. Sorry.

And when the stalker had access to my router he changed this under the port forwarding settings: Local Host: 255.255.255.255 Local Address: 255.255.255.255 (Unresolved) Verizon FIOS Service Any Application - TCP Any -> 0 Disabled

Does that mean anything, or was he just trying to see what he could do?

And here are a few failed attempts so you guys get the point that it was a hacker attack:

Some dude has been running botnet attacks to gain access to my Actiontec router and this past weekend he was successful:

You're being probed from a number of different addresses, which is not uncommon.

74.125.227.33

173.192.226.198

65.60.38.194

74.125.227.49

78.141.177.62

77.67.87.105

The above probes are simply discarded because you have no application listening on that port.

The probes from 81.200.61.23 (Czech Republic) to the VZ CPE management port (4567) are logged as accepted because there is an application listening on that port. The log message simply means the initial inbound TCP connect packet was passed on to the application rather than being dropped by the firewall. Port 4567 is protected by SSL encryption, so it is highly unlikely that the hacker was able to crack both the logon credentials and the SSL certificate.

There used to be ways to block port 4567, however VZ has disabled those methods.

I'm pretty certain I didn't see that bottom entry the previous week. And if you'll notice, I can't undo it without resetting the router.

Interesting that you have no port forwarding entries for the STBs. I have many of them, looks like 8 for each STB now. I reset the router and they come back, as does the port 4567 forwarding. There have been several discussions on this in this forum in the past.

As you can see from the attachment, I have the same forwarding that you do and I believe everybody else does. Maybe it's a Westell thing.

If it's a hacker it would seem to be rather pointless, as there is nothing on the LAN segment addressed by the Westell router except the STBs and another router that has no port forwarding rules.